The Samba-Bugzilla – Attachment 7715 Details for
Bug 9052
winbind doesn't return "Domain Local" groups from own domain
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
Replacement patch for master and 3.6.next with the removal of the sid_array_from_info3() paramter.
0001-s3-winbind-Fix-bug-9052-resolving-our-own-Domain-Loc.patch (text/plain), 3.70 KB, created by
Jeremy Allison
on 2012-07-21 00:14:38 UTC
(
hide
)
Description:
Replacement patch for master and 3.6.next with the removal of the sid_array_from_info3() paramter.
Filename:
MIME Type:
Creator:
Jeremy Allison
Created:
2012-07-21 00:14:38 UTC
Size:
3.70 KB
patch
obsolete
>From a03b21853692421e060b2c07062ba5cfdb075ff5 Mon Sep 17 00:00:00 2001 >From: Andreas Schneider <asn@samba.org> >Date: Fri, 20 Jul 2012 17:12:09 -0700 >Subject: [PATCH] s3-winbind: Fix bug #9052 resolving our own "Domain Local" > groups. > >We don't resolve our own "Domain Local" groups since bug #7843 has been >fixed. So we need to add the add resource groups to the sid list too. > >Before bug #7843 the "Domain Local" groups were added with a >lookupuseraliases call, but this isn't done anymore for our domain >so we need to resolve resource groups here. > >When to use Resource Groups: >http://technet.microsoft.com/en-us/library/cc753670%28v=WS.10%29.aspx > >Signed-off-by: Jeremy Allison <jra@samba.org> >--- > source3/include/proto.h | 3 +-- > source3/lib/util_sid.c | 9 +-------- > source3/winbindd/winbindd_pam.c | 2 +- > source3/winbindd/winbindd_util.c | 12 +++++++++--- > 4 files changed, 12 insertions(+), 14 deletions(-) > >diff --git a/source3/include/proto.h b/source3/include/proto.h >index e22fc9c..720f431 100644 >--- a/source3/include/proto.h >+++ b/source3/include/proto.h >@@ -809,8 +809,7 @@ NTSTATUS sid_array_from_info3(TALLOC_CTX *mem_ctx, > const struct netr_SamInfo3 *info3, > struct dom_sid **user_sids, > uint32_t *num_user_sids, >- bool include_user_group_rid, >- bool skip_ressource_groups); >+ bool include_user_group_rid); > > /* The following definitions come from lib/util_sock.c */ > >diff --git a/source3/lib/util_sid.c b/source3/lib/util_sid.c >index f080d3d..f051b7a 100644 >--- a/source3/lib/util_sid.c >+++ b/source3/lib/util_sid.c >@@ -130,8 +130,7 @@ NTSTATUS sid_array_from_info3(TALLOC_CTX *mem_ctx, > const struct netr_SamInfo3 *info3, > struct dom_sid **user_sids, > uint32_t *num_user_sids, >- bool include_user_group_rid, >- bool skip_ressource_groups) >+ bool include_user_group_rid) > { > NTSTATUS status; > struct dom_sid sid; >@@ -191,12 +190,6 @@ NTSTATUS sid_array_from_info3(TALLOC_CTX *mem_ctx, > */ > > for (i = 0; i < info3->sidcount; i++) { >- >- if (skip_ressource_groups && >- (info3->sids[i].attributes & SE_GROUP_RESOURCE)) { >- continue; >- } >- > status = add_sid_to_array(mem_ctx, info3->sids[i].sid, > &sid_array, &num_sids); > if (!NT_STATUS_IS_OK(status)) { >diff --git a/source3/winbindd/winbindd_pam.c b/source3/winbindd/winbindd_pam.c >index 4c078df..55069f6 100644 >--- a/source3/winbindd/winbindd_pam.c >+++ b/source3/winbindd/winbindd_pam.c >@@ -306,7 +306,7 @@ static NTSTATUS check_info3_in_group(struct netr_SamInfo3 *info3, > status = sid_array_from_info3(talloc_tos(), info3, > &token->sids, > &token->num_sids, >- true, false); >+ true); > if (!NT_STATUS_IS_OK(status)) { > TALLOC_FREE(frame); > return status; >diff --git a/source3/winbindd/winbindd_util.c b/source3/winbindd/winbindd_util.c >index 63cb2d2..37b6578 100644 >--- a/source3/winbindd/winbindd_util.c >+++ b/source3/winbindd/winbindd_util.c >@@ -1033,12 +1033,18 @@ NTSTATUS lookup_usergroups_cached(struct winbindd_domain *domain, > return NT_STATUS_UNSUCCESSFUL; > } > >- /* Skip Domain local groups outside our domain. >- We'll get these from the getsidaliases() RPC call. */ >+ /* >+ * Before bug #7843 the "Domain Local" groups were added with a >+ * lookupuseraliases call, but this isn't done anymore for our domain >+ * so we need to resolve resource groups here. >+ * >+ * When to use Resource Groups: >+ * http://technet.microsoft.com/en-us/library/cc753670%28v=WS.10%29.aspx >+ */ > status = sid_array_from_info3(mem_ctx, info3, > user_sids, > &num_groups, >- false, true); >+ false); > > if (!NT_STATUS_IS_OK(status)) { > TALLOC_FREE(info3); >-- >1.7.7.3 >
You cannot view the attachment while viewing its details because your browser does not support IFRAMEs.
View the attachment on a separate page
.
View Attachment As Raw
Flags:
asn
:
review+
Actions:
View
Attachments on
bug 9052
:
7711
| 7715